Skip to main content
Report File
Date Issued
Submitting OIG
National Archives and Records Administration OIG
Other Participating OIGs
National Archives and Records Administration OIG
Agencies Reviewed/Investigated
National Archives and Records Administration
Report Number
17-AUD-04
Report Description

This audit was conducted to identify MS Access applications and databases in use across NARA, assess the security controls for those applications and databases, and determine whether NARA is appropriately positioned to accommodate and maintain the applications and databases and security controls after the planned MS Access upgrade to a newer version.

Report Type
Audit
Number of Recommendations
9
Questioned Costs
$0
Funds for Better Use
$0

Open Recommendations

This report has 3 open recommendations.
Recommendation Number Significant Recommendation Recommended Questioned Costs Recommended Funds for Better Use Additional Details
3 Yes $0 $0

We recommend the Chief Information Officer, in conjunction with each program office, develop and implement a comprehensive, systematic process to determine when a MS Access application or database should be recognized as an IT system.

4 Yes $0 $0

We recommend the Chief Information Officer, in conjunction with each program office: Determine all MS Access databases containing PII and ensure they are: (a) encrypted in storage and transmission; and (b) password-protected in accordance with NARA Directive 1608 and the Privacy Act.

5 Yes $0 $0

Develop and implement a process, for future MS Access applications and databases created by program offices, including notification to and approval from the Office of Information Services for those that are mission-critical and/or contain PII or otherwise sensitive information.

National Archives and Records Administration OIG

United States